CVE-2020-24186

CVSS 10 CRITICALEPSS 94.6%

A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.

CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N

Affected products

n/a · n/a

public PoCs found — 11

githubgithub.com/hev0x/CVE-2020-24186-wpDiscuz-7.0.4-RCE★ 19 githubgithub.com/substing/CVE-2020-24186_reverse_shell_upload★ 13 githubgithub.com/Sakura-501/CVE-2020-24186-exploit★ 3 githubgithub.com/GazettEl/CVE-2020-24186★ 0 githubgithub.com/sec-dojo-com/CVE-2020-24186★ 0 githubgithub.com/meicookies/CVE-2020-24186★ 0 exploitdbwww.exploit-db.com/exploits/49967unverified cve_referencepacketstormsecurity.com/files/163012/WordPress-wpDiscuz-7.0.4-Remote-Code-Execution.htmlunverified cve_referencepacketstormsecurity.com/files/163302/WordPress-wpDiscuz-7.0.4-Shell-Upload.htmlunverified exploitdbwww.exploit-db.com/exploits/49962unverified cve_referencepacketstormsecurity.com/files/162983/WordPress-wpDiscuz-7.0.4-Shell-Upload.htmlunverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/162983/WordPress-wpDiscuz-7.0.4-Shell-Upload.html http://packetstormsecurity.com/files/163012/WordPress-wpDiscuz-7.0.4-Remote-Code-Execution.html http://packetstormsecurity.com/files/163302/WordPress-wpDiscuz-7.0.4-Shell-Upload.html https://www.wordfence.com/blog/2020/07/critical-arbitrary-file-upload-vulnerability-patched-in-wpdiscuz-plugin/